[FIG. 2: drawing content not preserved.]





[FIG. 3: Block diagram of EEi (11). Labels: processing unit 30a; signature generation unit; signature validation unit; control unit; input/output unit; storage unit 30b; electronic document holding unit; key holding unit; validation subject holding unit; communication unit; NET 16. Other reference numerals on the sheet: 31 to 36, 30c, 30d.]



[FIG. 4: Block diagram of CAi (13). Labels: processing unit 40a; issue unit; management unit; control unit; input/output unit; storage unit 40b; public key certificate DB; issue destination management list holding unit; certificate revocation list holding unit; communication unit; NET 16. Other reference numerals on the sheet: 41 to 46, 40d, 30c.]



[FIG. 5: Block diagram of VA (14). Labels: processing unit 50a; path search unit; path validation unit; validity term/revocation state examination unit; validity authentication unit; control unit; input/output unit; storage unit 50b; path DB; valid-path database; invalid-path database; certificate revocation list creation schedule time DB; communication unit; NET 16. Other reference numerals on the sheet: 51 to 57, 56A, 56B, 50d, 30c.]



[FIG. 6: Block diagram. Surviving labels: external storage device; interface; reference numeral 63.]




[FIG. 7: Flowchart, "Operation of searching for, validating and managing paths", steps S1001 to S1012. Box labels (connections between boxes not preserved): Start; Has predetermined time lapsed?; Clear DB; Search for path; Has path been detected?; Validate path; Has validation of path held good?; Register path and CRL in valid-path DB; Register path and CRL in invalid-path DB; Is there validity term-expired certificate in valid-path DB?; Has issue origin of term-expired certificate issued certificate anew?; Validate path associated with term-expired certificate, by using new certificate; Register path associated with term-expired certificate, in invalid-path DB.]



[FIG. 8: Flowchart, "Operation of searching for, validating and managing paths" (continued), steps S1013 to S1021. Box labels (connections between boxes not preserved): Has path validation held good?; Substitute term-expired certificate in valid-path DB, by new certificate; Register path associated with term-expired certificate, in invalid-path DB; Search for CA whose creation schedule time for certificate revocation list has expired; Is there CA of lapsed schedule time?; Obtain newest certificate revocation list from detected CA; Update certificate revocation list creation schedule time of detected CA; Is there certificate included in obtained list, in valid-path DB?; Register path associated with certificate included in list, in invalid-path DB.]



[FIG. 9: Table, "Path search result (in case of FIG. 2)", in two parts, "Valid path" and "Invalid path". Columns in each part: Trust anchor CA; EE certificate issuing CA; Path; CRL. The rows list paths among CA11, CA12, CA13, CA21, CA22 and CAbridge; the CRL column reads VALID in the first part and INVALID in the second. Individual row values are not legible.]



[FIG. 10: Flowchart, "Operation of authenticating validity of public key certificate". Step labels on the sheet: S2001 to S2006, S2008 to S2010. Box labels (connections between boxes not preserved): Start; Has authentication request been received?; Is there path corresponding to authentication request, in valid-path DB?; Have signature validation and revocation authentication for EE certificate been successful?; Is there description about constraint in EE certificate or path?; Is there path corresponding to authentication request, in invalid-path DB?; Does EE certificate observe constraint described in detected path?; Is trustworthiness of electronic procedure contained in authentication request or path?; Do EE certificate and path have, at lowest, trustworthiness of electronic procedure?; Notify it to requester that EE certificate is valid; Is path other than registered path detected?; Notify it to requester that EE certificate is not valid.]



[FIG. 11: Flowchart, "Operation of authenticating validity of public key certificate" (continued). Step labels on the sheet: S2012, S2013, S2015 to S2019. Box labels (connections between boxes not preserved): Search for path corresponding to authentication request; Has path corresponding to authentication request been detected?; Validate detected path; Has verification succeeded?; Register path in valid-path DB; Register path in invalid-path DB; Notify it to requester that EE certificate is valid; Notify it to requester that EE certificate is not valid.]



[Drawing sheet 12 of 12 (figure number not preserved). Surviving labels: public key certificate; electronic document; signature of CAS 1; signature of EEi.]



